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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments filed 04/05/2004 have been fully considered but 
they are not persuasive. The pending claims are 1, 3-15, 17-32 and 35-36. 



(a) As argued by applicant on page 8, line 27- page 9, line 4: 

// is earnestly believed that the permission entry 1502 described in CoL 26, line 28-33 of 
Bapat et al does not teach defining at least one expression associated with at least one 
record of said database, wherein the expression is a calculation expression that can be 
evaluated at least partly based on at least one field of said at least one record. As such, it is 
respectfully submitted that the Examiner's rejection is improper for at least this reason and it 
should be withdrawn. 
Examiner respectfully traverses because of the following reasons: 

The user access rights is defined by the Bapat permissions table as shown 



below: 



Granted Permisslofis Table for Table 1 
1502 -sjuser name 



i^r X 



user_y 



Liser y 



user z 



1510 group a 



group z 



Ob^ct Name 



obiect_xy2 



obj^ectjqrs 



objecLxyz 
object^abc" 



<^{ect def 



object hii 



objedjld 



Operation Type 



SELECT 



UPDATE 



SELECT 



SELECT 



SELECT 



SELECT 



A permission entry 1502 is tuple having three fields, user name, object name, 
and operation type. The object name, preferably, is the FDN or Full Distinguish Name 
for a managed object (Col. 26, Lines 28-33). Referring to FIG. 1 1 A as shown below, 
each row in the database tables includes a field called the Fully Distinguished Name or 
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FDN of a managed object followed by columns of data. For example, an FDN can look 
like /systemid="sys17owneF"accompany7devicetype- Youter" (Col. 19. Lines 24-35). 

Row 

FdFTI Dalail ..J DataN 

As seen, each row of the Granted Permissions Table is defined by a meaningful 
combination of characters or expression to specify a record access right for a user, 
wherein the expression associated with a record of the database by the FDN. Each row in 
the Granted Permissions Table explicitly defines an access right of a user to a record in 
the database with its Fully Distinguished Name is equal to the specified Fully 
Distinguished Name in the Granted Permissions Table. For example, based on a row of 
the Granted Permissions Table, a user_x can delete any record that has Object Name 
(FDN) = Record (FDN). As seen, each row expression in the Granted Permissions 
Table is a mathematical process evaluated by the FDN field of the record to determine 
the access right. In short, the Bapat technique as discussed performed the claimed 
defining at least one expression associated with at least one record of said database, wherein 
said at least one expression is a calculation expression that can be evaluated at least partly 
based on at least one field of said at least one record. 

(b) As argued by applicant with respect to claim 3 on page 9, lines 5-9: 

Furthermore, it is respectfully submitted that the Examiner's rejection is improper and 
should be withdrawn for an additional reason because the Examiner has also asserted that 
Col. 16, lines 28-33 of Bapat et al teaches at least one expression that is a calculation 
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expression and can be evaluated at least partly based o at least one state variable of said 
database. 

Examiner respectfully traverses because of the following reason: 
As defined by applicant in the specification (page 8, lines 12-13), various state 
variables of the database could be date, time, number of records, etc. 

The Bapat reference, taken as a whole, discloses the claimed state variable of 
the database, at least in view of number of records as the state of a database. As 
shown in FIG. 1 1C, a user's view access right could be defined by using FDN: 

Vtew_tablenaine_us^ame 
Usemame 
T^lename 
Permbsions Ust 

where FDN- 

FDN1(key to Object) 
FDM2 

FPWz 

And a list of FDN could be defined to indicate the number of records (Col. 21 , 
Lines 13-27). 

(c) Applicant's arguments on page 9, line 14-page 10, line 9 have been 
considered but are moot in view of the new ground(s) of rejection. 



^1110 

^1111 

^1112 

^1113 
^1114 

^1115 

-1116 



-1117 
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Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371(c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AlPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AlPA (pre-AlPA 35 U.S.C. 102(e)). 

3. Claims 1,3-10 and 28-32 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Bapat et al. [USP 6,236,996 B1]. 

Regarding to claims 1 and 28, Bapat teaches a method and a computer program 
for controlling managed objects. As shown in FIG. 14, tables 310 and 320 as in FIG. 
11A are stored in a conventional DBMS 280 (Col. 25, lines 49-50). Rows 311, 312, 321, 
322 of the tables 310, 320 contain management information for managed objects (Col. 
25, lines 60-61). The FDN operates as the primary key to the data stored in the table 
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and to determine which managed objects that a particular user is permitted to access or 
modify (Col. 19, lines 36-40). Access control for a particular user on a particular 
managed object is defined by a permissions table as shown below (Col. 26, lines 10- 
12). 



Granted Pemlsstons Table for Table 1 



user X 



user y 



user z 



group _z 



Ob^ Name 



oWacl_xyz 



ob^ct,qrs 



obiect_xyz 



object abc 



objecLdef 



object Jkl 



Operation Type 



SELECT 



UPDATE 
SELECT 



DELETE 



SELECT 



SELECT 



SELECT 



A permission entry 1 502 is tuple having three fields, user name, object name, 
and operation type. The object name, preferably, is the FDN or Full Distinguish Name 
for a managed object (Col. 26, Lines 28-33). Referring to FIG. 1 1 A as shown below, 
each row in the database tables includes a field called the Fully Distinguished Name or 
FDN of a managed object followed by columns of data. For example, an FDN can look 
like /systemid="sys17owner="accompany7devicetype="router" (Col. 19, Lines 24-35). 



Row 



FDN I Data 1 1 



DataN 



As seen, each row of the Granted Permissions Table is defined by a meaningful 
combination of characters or expression to specify a record access right for a user, 
wherein the expression associated with a record of the database by the FDN. Each row in 
the Granted Permissions Table explicitly defines an access right of a user to a record in 



Application/Control Number: 09/771 ,143 Page 7 

Art Unit: 2172 

the database with its Fully Distinguished Name is equal to the specified Fully 
Distinguished Name in the Granted Permissions Table, For example, based on a row of 
the Granted Permissions Table, a user_x can delete any record that has. Object Name 
(FDN) = Record (FDN), As seen, each row expression in the Granted Permissions 
Table is a mathematical process evaluated by the FDN field of the record to determine 
the access right. In short, the Bapat technique as discussed performed the claimed 
defining at least one expression associated with at least one record of said database^ wherein 
said at least one expression is a calculation expression that can be evaluated at least partly 
based on at least one field of said at least one record. When a user 300 issues an SQL 
command to access the DBMS 280 (Col. 22, lines 24-26, Col. 25, lines 65-67), Access 
Control is enforced by evaluating FDN as at least one expression for said at least one 
record, and allowing access to said one record based on said evaluating o/FDN as least 
one expression, and illustrated by Bapat from Col. 27, line 45 to Col. 28, line 26. 

Regarding to claim 3, Bapat teaches all the claimed subject matters as discussed 
in claim 1 , Bapat further discloses at least one expression is a calculation expression that 
can be evaluated at least partly based on at least one state variable of said database (FIG 1 1 C, 
Col. 21, Lines 13-27). 

Regarding to claims 4 and 29, Bapat teaches all the claimed subject matters as 
discussed in claims 1 and 28, Bapat further discloses at least one expression can be 
defined based on fields and state variables of said database, and wherein said evaluating 
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operates to return only one of two possible values, one of said possible values indicating that 
access to said at least one record should be granted, and the other one of said possible values 
indicating that access to said at least one record should be denied (Col. 26, lines 28-33, Col. 
27, line 45-Col. 28. line 26). 

Regarding to claim 5, Bapat teaches all the claimed subject matters as discussed 
in claim 1 , Bapat further discloses evaluation is performed only when a request to access 
said at least one record has been received (Col. 25, line 65-Col. 26, line 7). 

Regarding to claim 6, Bapat teaches all the claimed subject matters as discussed 
in claim 1 , Bapat further discloses defining of said at least one expression defines access 
privileges for a user of said database with respect to accessing one or more records of said 
database (FIG. 15A and B). 

Regarding to claim 7, Bapat teaches all the claimed subject matters as discussed 
in claim 1 , Bapat further discloses defining of said at least one expression operates to define 
access privileges for a user of said database with respect to at least one operation that can be 
performed on one or more records of said database (FIG. 1 5A and B). 

Regarding to claim 8, Bapat teaches all the claimed subject matters as discussed 
in claim 1 , Bapat further discloses defining of said expression defines access privileges for 
at least one user of said database with respect to access to one or more records in said 
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database^ and wherein said defining of said expression operates to define access privileges 
with respect to at least one operation that may be requested to be performed by said at least 
one user on one or more records of said database (FIG. 1 5A and B). 

Regarding to claim 30, Bapat teaches all the claim subject matters as discussed 
in claim 28, Bapat further discloses defining of said expression is made to define access 
privileges of at least one user of said database with respect to access to one or more records of 
said database^ and wherein said defining of said expression operates to define access privileges 
with respect to at least one operation that may be requested to be performed by said at least 
one user on one or more records of said database (FIG, 1 5A and B). 

Regarding to claims 9 and 31 , Bapat teaches all the claimed subject matters as 
discussed in claims 8 and 28, Bapat further discloses at least one user is assigned a 
password that is associated with said expression (FIG. 1 5A and B). 

Regarding to claims 10 and 32, Bapat teaches all the claimed subject matters as 
discussed in claims 1 and 28, Bapat further discloses access to said at least one record can 
be for browsings editings or deleting of said at least one record (FIG. 1 5A and B). 



• 
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Claim Rejections - 35 USC § 103 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject nnatter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 

the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 

the various claims was commonly owned at the time any inventions covered therein 

were made absent any evidence to the contrary. Applicant is advised of the obligation 

under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 

not commonly owned at the time a later invention was made in order for the examiner to 

consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 

prior art under 35 U.S.C. 103(a). 

5. Claims 17-18, 23-26 and 35-36 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Bapat et al. [USP 6,236,996 B1]. 

Regarding to claim 35, Bapat teaches a computer program for controlling access 
to managed objects (Col. 32, Lines 41). As shown in FIG. 14 is a database having one 
or more records stored therein (Col. 25, lines 49-50 and 55-59). As shown in FIG. 4 is a 
Grapltical User Interface that can facilitate operation on said one or more records stored in 
said database (Col. 1 1 , Lines 39-51 ). Referring back to FIG. 4, tables 310 and 320 as in 
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FIG. 11A are stored in a conventional DBMS 280 (Col. 25. lines 49-50). Rows 311, 312, 
321, 322 of the tables 310, 320 contain management information for managed objects 
(Col. 25, lines 60-61). The FDN operates as the primary key to the data stored in the 
table and to determine which managed objects that a particular user is permitted to 
access or modify (Col. 19, lines 36-40). Access control for a particular user on a 
particular managed object is defined by a permissions table as shown below (Col. 26, 
lines 10-12). 



Granted Permissions Table for Table 1 
1502->|jserMame 



l^f X 



MS^ X 



user V 



user z 



1510 *-^ grouo a 



0b|ect Name 



ot^ed_xyz 



obiecl_xyz 
object abc~ 



<^tect„def 



object hn 



object Jkl 



Operation Type 



SELECT 



UPDATE 



SELECT 



TJECETT 



^LECT 



Se-ECT 



SELECT 



A permission entry 1502 is tuple having three fields, user name, object name, 
and operation type. The object name, preferably, is the FDN or Full Distinguish Name 
for a managed object (Col. 26, Lines 28-33). Referring to FIG. 1 1 A as shown below, 
each row in the database tables includes a field called the Fully Distinguished Name or 
FDN of a managed object followed by columns of data. For example, an FDN can look 
like /systemid="sys17owner="accompany"/devicetype="router" (Col. 19, Lines 24-35). 



Row 



FDN 



Datai 



I DataN 
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As seen, each row of the Granted Permissions Table is defined by a meaningful 
combination of characters or expression to specify a record access right for a user, 
wherein the expression associated with a record of the database by the FDN. Each row in 
the Granted Permissions Table explicitly defines an access right of a user to a record in 
the database with its Fully Distinguished Name is equal to the specified Fully 
Distinguished Name in the Granted Permissions Table. For example, based on a row of 
the Granted Permissions Table, a user_x can delete any record that has Object Name 
(FDN) = Record (FDN). As seen, each row expression in the Granted Permissions 
Table is a mathematical process evaluated by the FDN field of the record to determine 
the access right. In short, the Bapat technique as discussed performed the claimed 
defining at least one expression associated with at least one record^ based on an expression 
which is defined for said at least one record^ wherein said at least one expression is a 
calculation expression that can be evaluated at least partly based on at least one field of said at 
least one record^ and wherein said expression defining access privilege for said at least one 
record which is stored or is to be created in said database, Bapat does not explicitly teach a 
Graphical User Interface Is to facilitate the step of defining access control. However, as 
disclosed by Bapat. the system administrator 302 creates the permissions tables prior to 
use of the DBMS 280 by end users. The system administrator 302 invokes a call 440 to 
the Create_Permissions_Tahles 442 procedure of the DBMS 280 (Col. 26, lines 
18-27). As seen, in order to create the permission table by the 

Create_Permissions_Tables procedure, obviously, a Graphical User Interface must 
have to enter the user name, FDN and access control code as discussed above. 
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Therefore, it would have been obvious for one of ordinary skill in the art at the time the 
invention was made to include a Graphical User Interface in order to have a friendly 
system to define access right for a user. 

Regarding to claim 36, Bapat teaches all the claim subject matters as discussed 
in claim 35, Bapat further discloses database program further operates to evaluate said 
expression in order to determine whether access to said at least one record should be granted 
(Col. 27, line 45-Col. 28, line 26). 

Regarding to claim 17, Bapat teaches all the claim subject matters as discussed 
in claim 35, Bapat does not explicitly teach Graphical User Interface operates to provide 
the ability for a user of said database to define an expression associated with at least one 
operation that may be requested to be performed by another user of said database on said one 
or more records stored in said database. However, as discussed in claim 35, the system 
administrator 302 creates the permissions tables prior to use of the DBMS 280 by end 
users. The system administrator 302 invokes a call 440 to the 

Create_Permissions_Tahles 442 procedure of the DBMS 280 (Col. 26, lines 18- 
27). As seen, in order to create the permission table by the 

Create_Permissionsjrahles procedure, obviously, a Graphical User Interface must 
have to enter the user name, FDN and access control code as discussed above. 
Therefore, it would have been obvious for one of ordinary skill in the art at the time the 
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invention was made to include a Graphical User Interface in order to have a friendly 
system to define access right for a user. 

Regarding to claim 18, Bapat teaches all the claim subject matters as discussed 
in claim 35, Bapat does not explicitly discloses Graphical User Interface operates to 
provide the ability for a user to define said expression without requiring said user to write a 
programming script (Col. 26, lines 18-50). However, as discussed in claim 35, the 
system administrator 302 creates the permissions tables prior to use of the DBMS 280 
by end users. The system administrator 302 invokes a call 440 to the 
Create_Permissions_Tahles 442 procedure of the DBMS 280 (Col. 26, lines 18- 
27). As seen, in order to create the permission table by the 
Create_Permissions_Tahles procedure, obviously, no programming script is 
required for the system administrator. Therefore, it would have been obvious for one of 
ordinary skill in the art at the time the invention was made to not include a programming 
script in order to have a friendly system to define access right for a user. 

Regarding to claim 23, Bapat teaches all the claim subject matters as discussed 
in claim 35, Bapat further discloses database program operates to determine whether access 
to at least one of said one or more records should be granted or denied (Col. 27, line 45-Col. 
28, line 26). 
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Regarding to claim 24, Bapat teaches all the claim subject matters as discussed 
in claim 23, Bapat further discloses the step of determining of whether access to said at 
least one record should be granted or denied is performed by evaluating a calculation 
expression for said at least one of said one record (Col. 27, line 45-Col. 28, line 26). 

Regarding to claim 25, Bapat teaches all the claim subject matters as discussed 
in claim 24, Bapat further discloses access to said at least one record is granted only when 
said determining determines that access should be granted, and wherein access to said at least 
one record is denied when said determining determines that access should be denied for said 
record (CoL 27, line 45-Col. 28. line 26). 

Regarding to claim 26, Bapat teaches all the claim subject matters as discussed 
in claim 24, Bapat further discloses access to said at least one record can be for browsing, 
editing, or deleting of said record (FIG. 1 5A). 

6. Claims 11-15 and 19-22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bapat et al. [USP 6,236,996 B1] in view of Elmasri et al. 
[Fundamentals of Database System]. 

Regarding to claim 1 1 , Bapat teaches a method for controlling managed objects. 
As shown in FIG. 14, tables 310 and 320 as in FIG. 1 1A are stored in a conventional 
DBMS 280 (Col. 25. lines 49-50). Rows 31 1. 312. 321, 322 of the tables 310, 320 
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contain management information for managed objects (Col. 25, lines 60-61). The FDN 
operates as the primary key to the data stored in the table and to determine which 
managed objects that a particular user is permitted to access or modify (Col. 19, lines 
36-40). Access control for a particular user on a particular managed object is defined by 
a permissions table as shown below (Col. 26, lines 10-12). 



Granted Permissions Table for Table 1 
1502 -^user Name 



user X 



1510 



user^y 



user V 



Liser z 



group a 



group z 



Ob^ Klanie 



obiecl_xy2 



ot^jectjqrs 



ob|ect_xyz 
obtect abc" 



otoiect_def 



obied h3i 



objectjki 



Operation Type 
SELECT 



UPDATE 
SELECT 



TfEUTT 



SELECT 



SELECT 



SELECT 



A permission entry 1502 is tuple having three fields, user name, object name, 
and operation type. The object name, preferably, is the FDN or Full Distinguish Name 
for a managed object (Col. 26, Lines 28-33). Referring to FIG. 1 1 A as shown below, 
each row in the database tables includes a field called the Fully Distinguished Name or 
FDN of a managed object followed by columns of data. For example, an FDN can look 
like /systemid="sysr7owner="accompany"/devicetype="router" (Col. 19, Lines 24-35). 



Row 


FDN 1 


Data 1| 


... 1 Data N 



As seen, each row of the Granted Permissions Table is defined by a meaningful 
combination of characters or expression to specify a record access right for a user, 
wherein the expression associated with a record of the database by the FDN. Each row in 
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the Granted Permissions Table explicitly defines an access right of a user to a record in 
the database with its Fully Distinguished Name is equal to the specified Fully 
Distinguished Name in the Granted Permissions Table. For example, based on a row of 
the Granted Permissions Table, a user_x can delete any record that has Object Name 
(FDN) = Record (FDN). As seen, each row expression in the Granted Permissions 
Table is a mathematical process evaluated by the FDN field of the record to determine 
the access right. In short, the Bapat technique as discussed performed the claimed 
defining at least one expression associated with at least one record of said database^ wherein 
said at least one expression is a calculation expression that can be evaluated at least partly 
based on at least one field of said at least one record in said database, and wherein said 
calculation expression defines access privileges of said one or more users with respect to at 
least one operation that may be requested to be performed by said one or more users on one or 
more records of said database. When a user 300 issues an SQL command to access the 
DBMS 280 (Col. 22, lines 24-26, Col. 25, lines 65-67) for the status of all routers in the 
network or for information about a specified list of managed objects (Col. 28, lines 27- 
30) as receiving a request to perform said at least one operation on one or more records of 
said database, said request being identified as a request made by said one or more users 
associated with user name. Access Control is enforced by evaluating user name, object 
name and operation type as said calculation expression when said request has been 
received; said evaluation returning only one of two possible values, one of said possible values 
indicating that said at least one operation should be granted and another one of said possible 
values indicating that said at least one operation should be denied; granting said at least one 
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operation to be performed when said evaluation returns one said possible value to indicate 
that said at least one operation should be granted; and denying said at least one operation to 
be performed when said evaluation returns one said another possible value to indicate that 
said at least one operation should be denied {Col 27, line 45-Col. 28, line 26). Elmasri 
teaches a method of protecting access to a database system by identifying a password 
that is associated with one or more users of said database (Elmasri, page 718). Therefore, it 
would have been obvious for one of ordinary skill in the art at the time the invention was 
made to modify the Bapat method by using a password to identify a user a taught by 
Elmasri in order to have a more secure database system. 

Regarding to claim 12, Bapat and Elmasri teaches all the claimed subject 
matters as discussed in claim 1 1 , Bapat further discloses at least one operation can be a 
browse, an edit, or a delete operation (FIG. 15Aand B). 

Regarding to claim 13, Bapat and Elmasri teaches all the claim subject matters 
as discussed in claim 1 1 , Bapat further discloses calculation expression is not explicitly 
defined for said at least one operation but said calculation expression is one that has been 
defined for another operation which has been considered as a related operation to said at least 
one operation (FIG. 15A), 

Regarding to claim 14, Bapat and Elmasri teaches all the claim subject matters 
as discussed in claim 1 1 , Bapat further discloses calculation expression can be evaluated 
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at least partly based on a value of at least one field of said at least one record^ and wherein 
said calculation expression can be evaluated at least partly based on at least one state variable 
of said database (Col. 26, lines 28-33). 

Regarding to claim 15, Bapat and Elmasri teaches all the claim subject matters 
as discussed in claim 14, Bapat further discloses the step granting temporary or 
limited access to said at least one record to allow said evaluating of said calculation expression 
(FIG. 15A). 

Regarding to claim 19, Bapat teaches all the claim subject matters as discussed 
in claim 16, Bapat fails to teach Graphical User Interface provides a window that allows a 
user to interact with said Graphical User Interface to identify a password for which access 
privileges may be defined or re-defined. Elmasri teaches a method of protecting access to 
a database system by identifying a password that is associated with one or more users 
of said database (Elmasri, page 718). In the teaching of creating the permission table 
(Col. 26, lines 16-50), a Graphical User Interface provides a window is implied. In FIG. 
15A, a user name is identified by system administrator and the user access right is 
mapped to the table by Create_Pe2n:nissionsjrahles procedure. Therefore, it 
would have been obvious for one of ordinary skill in the art at the time the invention was 
made to modify the Bapat method by using a Graphical User Interface to identify a 
password instead of user name in order to define access privilege for a user. 
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Regarding to claim 20, Bapat and Elmasri teaches all the claim subject matters 
as discussed in claim 19, Bapat does not explicitly discloses Graphical User Interface 
further provides a window that allows a user to specify a calculation expression which defines 
access privileges with respect to at least one operation that may be requested to be performed 
on said one or more records. However, as discussed in claim 35, the system administrator 
302 creates the permissions tables prior to use of the DBMS 280 by end users. The 
system administrator 302 invokes a call 440 to the Create_Permissions_Tahles 
442 procedure of the DBMS 280 (Col. 26, lines 18-27). As seen, in order to create the 
permission table by the Create_Permissions_Tables procedure, obviously, a 
Graphical User Interface provide a window must have to enter the user name, FDN and 
access control code as discussed above. Therefore, it would have been obvious for one 
of ordinary skill in the art at the time the invention was made to include a Graphical User 
Interface in order to have a friendly system to define access right for a user. 

Regarding to claim 21 , Bapat and Elmasri teaches all the claim subject matters 
as discussed in claim 20, Bapat further discloses at least one operation can be a browse, 
edit, or a delete operation (FIG. 1 5A). 

Regarding to claim 22, Bapat and Elmasri teaches all the claim subject matters 
as discussed in claim 20, Bapat further discloses calculation expression can be evaluated 
at least partly based on a value in at least one field of said one or more records of said 
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database, and wherein said calculation expression can be evaluated at least partly based on at 
least one state variable of said database (FIG 1 1 C, Col. 21 , Lines 1 3-27). 

7. Claim 27 is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bapat et al. [USP 6,236,996 B1] in view of Gorelik et al. [USP 6,651,067 81]. 

Regarding to claim 27, Bapat teaches all the claimed subject matters as 
discussed in claim 24, but fails to disclose the database further comprises a cache, and 
wherein said cache operates to store an evaluated result of at least one calculation expression, 
Gorelik teaches a database comprises a cache, and cache operates to store an 
evaluated result (Gorelik, FIG. 3). Therefore, it would have been obvious for one of 
ordinary skill in the art at the time the invention was made to modify the Bapat system 
by including a cache and store the result in cache as taught by Gorelik in order to speed 
up the retrieval process. 
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Conclusion 

8. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HUNG Q PHAM whose telephone number is 703-605- 
4242. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, JOHN E BREENE can be reached on 703-305-9790. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status Information for unpublished applications is available through Private PAIR only. 
For more Information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Examiner Hung Pham 
May 24, 2004 




